授权判断

backend/components/v1/authorizationFilter.php

@@ -6,7 +6,8 @@ use Yii;
 use yii\base\ActionFilter;
 use yii\helpers\StringHelper;
 use app\models\v1\rbacuser\ShopRbacUser;
-use yii\web\HttpException;
+use yii\web\ForbiddenHttpException;
+use yii\web\UnauthorizedHttpException;
 class authorizationFilter extends ActionFilter
 {
     public $optional;
@@ -16,6 +17,7 @@ class authorizationFilter extends ActionFilter
         if ($this->isOptional($action)) {
             return true;
         }
+        if (isset(Yii::$app->user->identity->GUID)) {
             $userGuid = Yii::$app->user->identity->GUID;
             $url = Yii::$app->request->pathInfo;
             $shopRbacUser = ShopRbacUser::find()
@@ -30,7 +32,9 @@ class authorizationFilter extends ActionFilter
             if (!empty($shopRbacUser)) {
                 return true;
             }
-        throw new HttpException('403','没有权限访问此接口');
+            throw new ForbiddenHttpException('没有权限访问此接口');
+        }
+        throw new UnauthorizedHttpException();
     }
     /**
      * Checks, whether authentication is optional for the given action.